Visiting the compromised site and looking at the source code I found a script within the HTML tags pointing to the Afraidgate URL:

The GET request for the JavaScript at red.kamyuenenterprise.hk returned the following response from the server:

The response used gzip compression, however, pulling the file and opening it as a .txt document shows the response contains an iframe:

That iframe points to the Neutrino Exploit Kit landing page. Here is the GET request and response:

Again, the response is using gzip compression. Below is the HTML code found on the landing page:

Once the victim is redirected to the landing page their browser is directed, via the object tag in the HTML, to load the Flash Player and then play the SWF file found in the URL. If the user doesn’t have Flash Player the browser is given instructions to download it.

Here is the actual GET request for that Flash file found in the URL and the response from the server: